Wireless Access

Contributor I

External Firewall with Aruba Controller

Hey all, a bit of a beginning with anything Aruba really.

So the idea here is to use an external firewall (instead of access control policies) to govern how wireless traffic is handled. 


For example, I set up a SSID on the aruba controller and it needs to only have access to specific services, like dhcp and dns (housed externally as well...not the dhcp server on the controller). How would I go about setting that up so they can work freely together?

Currently I set up the SSID with a default gateway of the external firewall and set the access control policy to basically allow all so that the controller itself does none of the blocking. Would I, then, set up rules on the external firewall to only allow specific services coming from that network and deny everything else?

I have already done the rest of the stuff, like setting up a dhcp scope (Externally), setting up the vlan and IP interface on the controller with the correct VLAN information on our switch as well. Also I have put a helper address on the IP Interface information on the aruba controller. 

Does it sound like I am on the right track, can anyone let me know if this will work properly, etc?


Re: External Firewall with Aruba Controller



You could setup some firewall policies on your firewall.. You didn't mention what it was and it'll probably be better asking in the  firewall vendors forum about that anyway.


Having said that, I personally wouldn't do it that way. I'd recommend to leverage the capabilities of your controller to enforce the firewall policy. It'll possibly be more secure, you'll be blocking the traffic from hitting the wired network instead of after traversing it and hitting your firewall.


Would you like help setting up firewall policies on your controller? :)




ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
Showing results for 
Search instead for 
Did you mean: